Re: Websearch: ranking recent articles higher (was: Bandwidth-hungry services burden the internet)

[Dmitry Alexandrov]

[Please note: Something happened with your MUA and your letter had fallen off 
the thread.]

Akira Urushibata  wrote:
> On 28 May 2020 Dmitry Alexandrov wrote:
>> "Kaz Kylheku (gnu-misc-discuss)" <936-846-2...@kylheku.com> wrote:
>>> It is fairly well-known that Google ranks newer material above older 
>>> material.  Historic areas of the web are basically in a black hole as far 
>>> as the Google search is concerned.
>>>
>>> And since many people reach for the Google search engine without even 
>>> thinking there might be alternatives, those areas of the web basically 
>>> don't exist.
>>
>> That is, there are some websearch providers that do not rank new and updated 
>> articles higher?  Why do not they, I wonder?  It looks like a pretty sane 
>> choice.
>
> Other conditions being equal, a websearch will rank a newer document above an 
> older one.  But the other conditions are never equal.

Yes-yes, sure.  My question was rather about those ‘alternatives’, mentioned by 
@936-846-2...@kylheku.com, that treat dusty areas of the web better.


signature.asc
Description: PGP signature

Re: Websearch: ranking recent articles higher (was: Bandwidth-hungry services burden the internet)

[Dmitry Alexandrov]

"Kaz Kylheku (gnu-misc-discuss)" <936-846-2...@kylheku.com> wrote:
> It is fairly well-known that Google ranks newer material above older 
> material.  Historic areas of the web are basically in a black hole as far as 
> the Google search is concerned.
>
> And since many people reach for the Google search engine without even 
> thinking there might be alternatives, those areas of the web basically don't 
> exist.

That is, there are some websearch providers that do not rank new and updated 
articles higher?  Why do not they, I wonder?  It looks like a pretty sane 
choice.


signature.asc
Description: PGP signature

Re: Programmers as users

[Dmitry Alexandrov]

nipponm...@firemail.cc wrote:
> Alexandre François Garreau:
>> For those unaware: most mailing software can \u201cfilter\u201d mails so you 
>> don\u2019t see them, and they end up deleted
>
> Yea, I'm SURE Free Software Programmers have a TON of problems "Discovering" 
> that mail clients can FILTER WHATEVER YOU WANT. Yes you  are SURELY helping 
> ACTUAL Free Software Programmers.

Iʼm afraid, you overestimate us, mortals.

Just wander around mailing lists and count pretty actual programmers, that 
instead of configuring filters try to shift the burden of satisfying their 
preferences on every their correspondent by setting ‘Mail-Followup-To’ to the 
list address, and sometimes even complain if one does not notice this request 
(and in extreme cases just complain, without setting the header).

Or have messed up quotes or broken URLs in their mail, evidently because the 
very simple idea, that the damn autohardwrapping could and should be disabled, 
never came to their minds.

Or have encodings broken (he-he ;-).


signature.asc
Description: PGP signature

Re: What is ‘OS’? (was: Why "GNU/Linux" is not accepted: an observation)

[Dmitry Alexandrov]

Akira Urushibata  wrote:
> Subscribers of this mailing list know what an operating system is.

Yes, they for sure know.  But I would not sure, that they _agree_ on what ‘OS’ 
is.

If we exclude marginal ones (like OS == kernel), I am aware of two consistent 
definitions of ‘operating system’:

1. Operating system is a set of auxiliary programs, necessary to use 
applications, which are the programs that you actually want to use to solve 
some tasks.  Where these programs come from is irrelevant.

Since the criterion is purely subjective, there is no precise boundary: if you 
perform some scientific calculations and also use, say, youtube-dl(1), the same 
Python can be both application and a part of the OS for you.

2. Operating system is set of programs, installable on the top of hardware, 
distributed by a single vendor.  In other words, it is exactly the same as 
distribution (‘distro’).

Despite that this criterion is objective, the same program still can be both: 
Minesweeper™ and KMines are part of operating system as long as they are 
distributed within MS Windows and Debian respectively, but are not if installed 
separately.

These two definitions are not unrelated, though.  You might easily come to idea 
to install the latest Python from upstream if you write in it, and hardly 
bother to get to know, in which language youtube-dl is written, at the same 
time.

So feel free to mix them in right proportions to construct a desired discourse.

Back to the question of (dis)agreement, though.

Those, who like to talk about GNU (on Linux or otherwise) operating system as a 
 fait accompli, are evidently inclined to the first one.

While those who were going to dub Guix, the distribution, ‘the GNU OS’ few 
years ago in order to finally fulfil the GNU Manifesto, seem to prefer the 
second.


signature.asc
Description: PGP signature

Re: A GNU “social contract”?

[Dmitry Alexandrov]

Andreas Enge  wrote:
> On Wed, Nov 06, 2019 at 04:06:42PM -0500, Alfred M. Szmidt wrote:
>> What is the exact _goal_ of this text?
>
> I think it should be a necessary (but not sufficient) condition for 
> stakeholders in the GNU project to take part in its governance.

As it seems, that youʼve changed your mind at some point and no longer believe, 
that your ideological-driven ‘contract’ shall cover all GNU contributors, but 
shall be used to build some sort of elite within GNU, Iʼd like to append my 
list of concrete suggestions to make GNU more inclusive [0], drafted at you 
request, with one more important point:

* (1′) Do not openly classify volunteers basing on ideas they uphold.  Those, 
who find themselves to be legal second-class citizens of GNU because they do 
not share some RMSʼs views promoted to local credo, will not be very happy 
about that, even if they are not going to claim any leadership.

[0] <4kzgmu89.321...@gmail.com>


signature.asc
Description: PGP signature

Re: A GNU “social contract”?

[Dmitry Alexandrov]

"Kaz Kylheku (gnu-misc-discuss)" <936-846-2...@kylheku.com> wrote:
> By the way, "contract" seems like a misnomer
> A statement of promises to behave in some ways toward some group (such as a 
> "community"), who makes no reciprocal promises and isn't a party to the 
> document is rather a "pledge", or "solemn promise" or such

Given that current proposals are actually not statements of promises, but 
statements of _facts_: “GNU is a consistent operating system”, “GNU 
collaborates with the broader free software community”, “GNU welcomes 
contributions from all and everyone”, et cetera; words _“confession of faith”_ 
suit even better.


signature.asc
Description: PGP signature

Do the proponents of GNU ‘Social contract’ value its paragraph about ‘harassment’ above the freedom-related ones? (was: A GNU “social contract”?)

[Dmitry Alexandrov]

Andreas Enge  wrote:
> Dmitry Alexandrov wrote:
>> Andreas Enge  wrote:
>>> Dmitry Alexandrov wrote:
>>>> Instead of making GNU more welcoming place by lessening the burden of 
>>>> formalities, you in fact propose GNU to withdraw deeper into itself by 
>>>> inventing ideology-driven ‘contracts’
>>>
>>> I do not see how the aim of creating a harassment-free environment could be 
>>> construed as making GNU a less welcoming place...
>>
>> In other words, the only real aim of your ‘social contract’ is to impose 
>> that last paragraph about ‘harassment’ on everyone, while all the software 
>> freedom stuff is just a decoration that should not be taken seriously?
>
> sorry, this is plain nonsense.

I am glad to hear that.  Yet the rest of your letter keeps convincing me, that 
my suspects were not groundless.

> The document contains four points. You and other question the last point.

I have no idea, who is that mystical ‘other’, but no, _I_ did not question it!

> In a reply, I defend the last point. How you can logically conclude that the 
> first three points are "decoration" is beyond me.

No, it is definitely not beyond you, as youʼve just explained it in one simple 
sentence!

Upon reading objections to the whole idea of ideological-driven ‘contracts’, 
youʼve rushed to _defend its last point only_, despite it was not questioned.  
Thatʼs exactly how I concluded, that it is the most important point for you.


Now, Iʼd be grateful if @l...@gnu.org too would answer the question put into 
subject line.


signature.asc
Description: PGP signature

Concrete suggestions on how to make GNU more welcoming (was: A GNU “social contract”?)

[Dmitry Alexandrov]

Andreas Enge  wrote:
> Please, Alexandre and others
> I would suggest to make concrete suggestions

Thank you for invitation.

Concrete suggestions on how could GNU be improved to attract more contributors:

* (1) Do not impose any ideology on them.

* (2) Lessen the amount of formalities, that contributors have to pass:

** Revise (towards 0) the list of subprojects, that require them to assign 
copyright.

** For the remaining ones, relax a copyright-assignment policy, as 
all-or-nothing attitude proved to be unnecessary by real copyleft enforcement 
cases.

One of the ways to relax it may be that: do not demand anything from a new 
contributor straightaway, but wait till it became obvious that his 
contributions will eventually comprise a substantial share of codebase.

** Relax the requirement to prove their rights by providing anything from their 
employer, if any relaxation is still possible.

* (3) Fight the negative myth about GNU as a place full of dogmas and 
bureaucracy:

** Make it as clear as possible:
- that GNU welcomes everyone, regardless of their political preferences, and in 
particular regardless of whether they embrace free software philosophy or not;
- and even if they do, that nobody will shame them for not living a life of 
saint of Church of Emacs here.

** Make all the remaining necessary formalities as transparent as possible.  
One should not collect (perhaps, outdated) anecdotal evidences around the Web, 
but have an opportunity to consult an official and up-to-date summary about:
- whether he need to undergo any paperwork (preferable answer: no, more 
realistic answer: check the list);
- what personal information he has to reveal (preferable answer: none);
- how to make a paperwork if any needed (preferable answer: an email is enough);
- if he assign copyright on his code, does he retain a right to use it in 
nonfree software (answer: yes);
- how probable it is, that he has to ask his employer to do anything 
(preferable answer: only if he himself supposes that this is needed).

Make as clear / transparent as possible here means to publish it prominently on 
gnu.org and spread it over Reddit-like resources and other social networks.

> on wording, or paragraphs to remove [from] or to add [to the proposed ‘Social 
> contract’].

Per (1) — remove the whole ‘Social contract’.


signature.asc
Description: PGP signature

GNU vs. Church of Emacs (was: A GNU “social contract”?)

[Dmitry Alexandrov]

Andreas Enge  wrote:
> Here we disagree. GNU is not developed in a cave

Yes, thanks to a RMSʼs wise decision not to mix development of GNU with Church 
of Emacs — a decision you are now trying hard to revise and drive GNU into a 
cave where all contributors have to live on “their own dog food”.

You presumably believe, that a relatively high number of Church of Emacs 
followers among GNU developers is an achievement, that GNU should be proud of.

No, itʼs a shame that GNU is not able to attract a wide range of contributors 
by non-ideological reasons — just like other free and ‘open source’ software 
do.  Much more of a shame than ‘unable to attract women’ of yours¹.

> We have a public role, and whenever we go to conferences or hacker meetings, 
> we get an opportunity to lead by example.
> And I definitely do not need any official validation to do that.

You do not, yet others do? ;-)  Otherwise, why these ‘contracts’?

-
¹ By the way, it had been mentioned numerous times as a well-known fact, yet no 
any references were cited, is there any?


signature.asc
Description: PGP signature

Re: A GNU “social contract”?

[Dmitry Alexandrov]

Andreas Enge  wrote:
> On Wed, Nov 06, 2019 at 01:56:15AM +0300, Dmitry Alexandrov wrote:
>> Instead of making GNU more welcoming place by lessening the burden of 
>> formalities, you in fact propose GNU to withdraw deeper into itself by 
>> inventing ideology-driven ‘contracts’.  And in order to add an insult to 
>> injury — to cover it with Western buzzwords like ‘inclusiveness’. :-\
>
> Ideology? Hm.

Ideology, doctrine, religion — call the thing, that made you think that a GNU 
developer has to be condemned for using a Macbook, whatever you find best.

Actually, ‘Church of Emacs’ suits exceptionally well, so from now on I will 
refer to it as that.

> I do not see how the aim of creating a harassment-free environment could be 
> construed as making GNU a less welcoming place...

In other words, the only real aim of your ‘social contract’ is to impose that 
last paragraph about ‘harassment’ on everyone, while all the software freedom 
stuff is just a decoration that should not be taken seriously?

> Neither how the word "inclusiveness" could be interpreted as an insult.

Indeed, next to a proposition to exclude all dissenters, it could and should be 
rather interpreted as hypocrisy.

> Nor whether we need to distinguish "Western"

Of course, you do need to distinguish it, as long as you care to keep GNU a 
universally inclusive project.


signature.asc
Description: PGP signature

Re: A GNU “social contract”?

[Dmitry Alexandrov]

Jean Louis  wrote:
> Yet you do allow as Emacs maintainer publishing of free software improvements 
> into Emacs?
> publishing … into Emacs
> into

What?

I suppose, youʼd better rephrase that.


signature.asc
Description: PGP signature

Re: A GNU “social contract”?

[Dmitry Alexandrov]

Andreas Enge  wrote:
> On Sat, Nov 02, 2019 at 11:13:57PM +0300, Dmitry Alexandrov wrote:
>> > We want to give everyone the opportunity to contribute to our efforts on 
>> > any of the many tasks that require work.  We welcome all contributors…
>>
>> Many GNU subprojects value ‘recordkeeping’ (per Prof. Moglen [2]) and 
>> ‘protection for FSF’ (per @a...@gnu.org [3]) more than giving anyone an 
>> opportunity to contribute.  Are you calling for change in priorities?  If 
>> yes, I would appreciate it, if you name few concrete steps.
>
> No change of priorities, I think, but promoting non-discrimination and 
> inclusiveness. The emphasis is on "give *opportunity* to contribute (...)  
> *regardless* of their gender etc. (...) *harassment-free* (...)".  It does 
> not mean that bad contributions need to be accepted, or those where the 
> copyright assignments are not done correctly, and so on.

So thatʼs exactly what I was afraid of.

Instead of making GNU more welcoming place by lessening the burden of 
formalities, you in fact propose GNU to withdraw deeper into itself by 
inventing ideology-driven ‘contracts’.  And in order to add an insult to injury 
— to cover it with Western buzzwords like ‘inclusiveness’. :-\


signature.asc
Description: PGP signature

Re: A GNU “social contract”?

[Dmitry Alexandrov]

Andreas Enge  wrote:
> On Tue, Nov 05, 2019 at 11:49:03PM +0300, Dmitry Alexandrov wrote:
>> Andreas Enge  wrote:
>> > For instance, I would not find it acceptable that a GNU maintainer goes to 
>> > [a conference] to give a talk about their newest open source software on a 
>> > Macbook
>> 
>> Why not?  In any case, GNU Emacs maintainer John Wiegley 
>> <@jwieg...@gmail.com> did exactly that [0].
>>
>> [0] $ mpv https://www.youtube.com/watch?v=G9yiJ7d5LeI
>
> I do not think so - the talk topic is about Nix, a GNU/Linux distribution.

Yes, and Haskell.  I missed your point, though.  Are they not open source?

> So if he used a Macbook (I cannot see this in the video)

So listen it.  (Itʼs not a bad talk, by the way. ;-)  He says it somewhere 
during the first minutes.

> it is most likely one of the older models that are famous for being 
> compatible with Libreboot.  Then of course it is not a machine with 
> proprietary software, but one with a GNU system - entirely "eat your own dog 
> food" style!

‘Libreboot’, lol!  Of course, it is not.  He is a macOS user.


signature.asc
Description: PGP signature

Re: A GNU “social contract”?

[Dmitry Alexandrov]

Andreas Enge  wrote:
> On Tue, Nov 05, 2019 at 12:46:42PM -0500, Alfred M. Szmidt wrote:
>> In the GNU project everyone is welcome, even people who do not share the 
>> goals and philosophy of the GNU project.
>
> I do not think this makes sense, actually. As soon as we have a bit of 
> responsibility in GNU (like being a maintainer, which is the role I know), we 
> are also ambassadors of GNU. So I would expect us to uphold the GNU 
> standards. For instance, I would not find it acceptable that a GNU maintainer 
> goes to [a conference] to give a talk about their newest open source software 
> on a Macbook

Why not?  In any case, GNU Emacs maintainer John Wiegley <@jwieg...@gmail.com> 
did exactly that [0].

[0] $ mpv https://www.youtube.com/watch?v=G9yiJ7d5LeI


signature.asc
Description: PGP signature

Re: The list discourse

[Dmitry Alexandrov]

"Thompson, David"  wrote:
> On Tue, Nov 5, 2019 at 1:54 PM Dmitry Alexandrov <321...@gmail.com> wrote:
>> "Thompson, David"  wrote:
>> > So you ousted the moderators that added you as moderators?  How lovely.  
>> > The discourse here has gotten considerably worse since.  Surely a 
>> > coincidence.
>>
>> FWIW, I do not think so, on the contrary, Iʼm pleased to see even a small 
>> shift in a discourse from @l...@gnu.org’s and @andr...@enge.fr’s “letʼs make 
>> GNU more welcoming to new contributors by imposing ‘contracts’ on them” to 
>> @gameonli...@redchan.it’s “letʼs make GNU more welcoming to new contributors 
>> by reducing the burden of formalities on them”, however inappropriate the 
>> rest of his remarks are.
>
> Ignoring the blatantly incorrect summary of what Ludovic and Andreas have said

No-no, please, do not ignore it.  If you believe, that I got incorrectly, 
please elaborate.  Iʼm actually not so sure whether it is a well summary of 
Ludovicʼs proposition, but Andreasʼs — yes, I suppose, it is.

> I'm just gonna go out on a limb and say that "I prefer the toxic discourse 
> guy" is not a great argument in favor of the changes in the discourse here.

If you are used to pay more attention to ‘guys’ than to their words, yes.  I 
sincerely try to do the opposite, though.


signature.asc
Description: PGP signature

Re: The list discourse (was: list moderation)

[Dmitry Alexandrov]

"Thompson, David"  wrote:
> So you ousted the moderators that added you as moderators?  How lovely.  The 
> discourse here has gotten considerably worse since.  Surely a coincidence.

FWIW, I do not think so, on the contrary, Iʼm pleased to see even a small shift 
in a discourse from @l...@gnu.org’s and @andr...@enge.fr’s “letʼs make GNU more 
welcoming to new contributors by imposing ‘contracts’ on them” to 
@gameonli...@redchan.it’s “letʼs make GNU more welcoming to new contributors by 
reducing the burden of formalities on them”, however inappropriate the rest of 
his remarks are.


signature.asc
Description: PGP signature

Re: Is negative publicity always harmful?

[Dmitry Alexandrov]

Brandon Invergo  wrote:
> Dmitry Alexandrov writes:
>> Iʼm afraid, you conflated two points.  Publicity that undermine the core 
>> competency of an organization — yes, is perhaps is the most harmful thing 
>> for it.
>>
>> While negative publicity on irrelevant topics is either much less harmful, 
>> or sometimes even beneficial.
>>
>> Dr. Stallman has been always, in almost every his speech, pointed out, that 
>> in terms of publicity everything is still so bad, that he has to struggle to 
>> make it known that GNU and free software movement in general merely exist.  
>> And that they are not the same as Linux® and ‘open source’, in particular.
>>
>> Under that conditions, any kind of public attention to GNU should be 
>> welcoming.
>
> As I previously requested, please let's drop discussions of particular 
> people, especially when it comes to what they said or did outside of GNU.  I 
> know you are not attacking but standing in rms's defense

No, I actually did not defend him specifically.  If Sandra have posted her rant 
not here, but in some place where it could reach those who are unaware of free 
software, I would present the very same arguments in her defence.


signature.asc
Description: PGP signature

Is negative publicity always harmful? (was: Women and GNU and RMS)

[Dmitry Alexandrov]

Sandra Loosemore  wrote:
> The absolute worst thing the public-facing representative of *any* 
> organization can do is bring negative publicity to the organization about 
> things that are irrelevant or contrary to the organization's mission.

Iʼm afraid, you conflated two points.  Publicity that undermine the core 
competency of an organization — yes, is perhaps is the most harmful thing for 
it.

While negative publicity on irrelevant topics is either much less harmful, or 
sometimes even beneficial.

> As a result of RMS's comments, all of a sudden the public conversation about 
> the GNU project was not about how good our software is and how free software 
> is taking over the world and beneficial to everybody

Dr. Stallman has been always, in almost every his speech, pointed out, that in 
terms of publicity everything is still so bad, that he has to struggle to make 
it known that GNU and free software movement in general merely exist.  And that 
they are not the same as Linux® and ‘open source’, in particular.

Under that conditions, any kind of public attention to GNU should be welcoming.

> It's been a public relations disaster for the GNU project.  :-(

Time will tell.

-- 
P. S.
> a developer community that consists almost exclusively of old white men is 
> not sustainable.

You know, developer communities reproduce themselves not solely by breeding. :-D


signature.asc
Description: PGP signature

Re: Need of `stubborn governance'

[Dmitry Alexandrov]

a...@gnu.org (Alfred M. Szmidt) wrote:
>Whatʼs about Readline and Tivoization, though?
>
> With Readline I was refering to how GNU clisp used readline

Ah!  Thanks.

>> To understand a opposition, one needs to know the why.  Taking your 
> statement at face value as to what might have been said, that is, calling 
> other free systems for "lesser systems" would be unfriendly and unkind, so 
> why do that?  That in it self would be a good reason to strongly object to 
> such a statement since it would alienate people working on other free systems.
>>
>> But now knowing the precise words used, making any fair analysis of the 
> decision is hard, and a simply way to find a false reasoning is to call it 
> "stubborn" or similar.
>
>Sorry, I re-read this several times, yet still do not follow.  Could you 
> recap it in a simpler language?
>
> You mentioned opposition as to why Guix shouldn't be "the GNU system", but 
> not the reasoning behind the opposition.  I was trying to explain why the 
> opposition, based on your account, would have made sense -- in that making 
> the claim that other systems are "less important would" have been counter 
> productive.
>
> Does that better explain it?

Yes, sure.  When I said, that I do not follow, I mostly meant your second 
paragraph.  Maybe I too stupid, but I still do not.  What `precise words' do we 
know now?


signature.asc
Description: PGP signature

Re: Why fewer contributors to GNU? They have to reveal identity and assign copyright

[Dmitry Alexandrov]

Jean Louis  wrote:
> * gameonli...@redchan.it  [2019-11-04 12:56]:
>> Reasons fewer men contribute to GNU:
>> - Have to reveal identity.
>
> That is not quite so. In America country it is possible to use pen names.

Why is it specific to ‘America country’ (whatever it is)?

I thought, contributing to GNU does not require it, unless the subproject, you 
are sending patches to, have a strict copyright assignment policy, in which 
case FSF clerks indeed ask you to reveal you identity to them (and only to 
them, not publicly).  Am I wrong?

>> - Have to assign copyright (a submissive act).
>
> That is not submissive act but legal act and cooperation. It is necessary for 
> cases of legal enforcement where evidences have to be shown in courts of law.

What ‘it’?  The current all-or-nothing policy, where anyone who is going to 
contribute more than 15 lines or so have to undergo a paperwork, proved to be 
unnecessary overkill by the enforcement story of the most enforced free program 
so far — Linux®.

The other side of coin is that FSF does not encourage authors of GNU packages, 
that have not adopted this strict copyright assignment policy, to assign their 
copyright.

In other words, GNU software maintainers have to choose between loosing certain 
number of contributors or totally loosing legal enforceability — no middle 
option.


signature.asc
Description: PGP signature

RMSʼs videos (was: Will RMS be back to Programming now?)

[Dmitry Alexandrov]

gameonli...@redchan.it wrote:
> The video in Putins Russia
> Putins Russia
> Putins

???

> The video in … Russia this year was very good; you should put that on the GNU 
> page

Which one?   RMS gave several speeches during his last visit to Russia: two in 
SPb and one in Moscow, IIRC.

> also the biography video he did this year also was spectacular. Together they 
> really explain everything from top to bottom, and concisely.

Again, a specific link would be apt.


signature.asc
Description: PGP signature

Re: “Restricting yourself to just one message a day to the list is not a bad thing” (was: List posting rules)

[Dmitry Alexandrov]

Jean Louis  wrote:
> "Restricting yourself to just one message a day to the list is not a bad 
> thing." -- that is nonsense and shall be removed. By imposing speed of 
> thinking and speed of writing you are hindering speed of communication and 
> thus any solutions and friendship balances to take place here.

Besides, it encourages lumping thoughts on several topics to a single letter, 
while the commonly believed best practice for public forums is the exact 
opposite.


signature.asc
Description: PGP signature

Re: Why can't I send mail to this list?

[Dmitry Alexandrov]

gameonli...@redchan.it wrote:
> On 2019-11-03 19:33, Dmitry Alexandrov wrote:
>> nipponp...@airmail.cc wrote:
>>> Testing if I can post to this list, probably not since you guys censor 
>>> everything (so that RMS can't see his supporters.)
>>
>> gameonli...@redchan.it wrote:
>>> Why do you censor me? You censored my mails to RMS to keep him from 
>>> considering what I have to say, now you censor me from this list?
>>
>> Let me guess: addresses you use for posting are not the same you had used 
>> for subscribing, or you are not subscribed to this list at all, but read it 
>> on gmane.org or something like that.  So thatʼs why!  Iʼm afraid, itʼs 
>> normal practice for most ML here on gnu.org or elsewhere, otherwise spam 
>> would pass in.  Please note, that being subscribed != actually receive all 
>> the mail, GNU Mailman allows to control it independently, it is rather 
>> equivalent to being registered.
>
> I re-subscribed and it said I was already subscribed.  I had been getting the 
> emails in my mailbox too.

Double check it.  Since my guess about you using numerous different addresses 
for subscribing and posting turned out to be true (it had leaked in the message 
below), I stick with human error on your side as a most probable hypothesis.

Though, that gnu.org has a prejudice against your mail service provider 
<https://cock.li>, is also possible.  Try another one.

Having a prejudice against you personally is hardly possible because of 
paragraph 1.

--- Begin Message ---
I was wondering; will RMS be back to programming now, for the gnu 
system, and other things perhaps?
I think all us hackers missed him. People kept saying "he doesn't 
program anymore, what has he done lately" etc.

Will he do it now? And at an ever increasing clip?

I totally relate to everything he says on the talks he's given (I've 
been hacking free-software videogames for almost 2 decades now, plus 
system software and all that)... I only recently really begun to read 
his ideas (I knew the free software points, but to read the history he 
gives of everything) and watch the videos.


The video in Putins Russia this year was very good; you should put that 
on the GNU page, also the biography video he did this year also was 
spectacular. Together they really explain everything from top to bottom, 
and concisely.


So, will RMS be /back/ after a decade(s) or so on the road now? Back 
with his hacker friends he's created?


--- End Message ---


signature.asc
Description: PGP signature

Re: puri.sm (was: Why don't gnu.org and RMS sign mail? - FDE Crypto)

[Dmitry Alexandrov]

Alexandre François Garreau  wrote:
> Le lundi 4 novembre 2019, 14:51:08 CET Jean Louis a écrit :
>> * gameonli...@redchan.it  [2019-11-04 14:05]:
>> Look here how Purism, company behind the PureOS, one of the FSF endorsed 
>> fully free system distributions is disabling the Intel management engine:
>> 
>> https://www.theinquirer.net/inquirer/news/3019569/purism-disables-intels-man 
>> agement-engine-on-linux-powered-laptops 
>> https://puri.sm/learn/avoiding-intel-amt/
>
> Purism do not respect users’ freedom: 
> https://libreboot.org/faq.html#will-the-purism-laptops-be-supported

I see the context of your letter and aware of certain deceptive marketing 
practices that had been used by puri.sm.  However, out of the context that 
claim looks glaringly unfair.

Iʼd like to remind, that puri.sm is the first company ever that designed a 
computer [0] with the requirements of ‘Respect your freedom’ certification in 
mind.

[0] https://shop.puri.sm/shop/librem-5/


signature.asc
Description: PGP signature

Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

[Dmitry Alexandrov]

a...@gnu.org (Alfred M. Szmidt) wrote:
> Please keep discussions related to technical issues about the GNU system, 
> non-free platforms are entierly off-topic for this list.

Please note, @gameonli...@redchan.it sent his letter to two m/l: 
gnu-system-disc...@gnu.org and  gnu-misc-discuss@gnu.org.  I believe, you 
referred
to the first, while asking him to keep it limited to the technical issues.


signature.asc
Description: PGP signature

Re: A GNU “social contract”?

[Dmitry Alexandrov]

Andreas Enge  wrote:
> Proposal of a “GNU Social Contract”
>
> This document states the core commitments of the GNU Project to the broader 
> free software community.  All current GNU Project members have agreed to 
> uphold these values.

In other words, you suggest to tighten the screws even more than @l...@gnu.org 
(his ‘contract’ concerns only maintainers), do you?

Iʼm deeply afraid, you have to choose one of that and “GNU welcomes 
contributors” below.

> The purpose of the GNU Project is to provide software and systems that 
> respect users' freedoms.
>
> * GNU respects users' freedoms

> All software written by us is distributed under copyleft licenses, designed 
> to ensure that developers cannot strip off users' freedom from GNU software.

Iʼd like to remind, that promoting a copyleft from a just a tool applied 
strategically to a unyielding principle would be in contrary to the effective 
recommendations published on gnu.org [1].

[1] https://www.gnu.org/licenses/license-recommendations.en.html#libraries

> Besides upholding the four essential freedoms, we pay attention and respond 
> to new threats to users' freedom as they arise, such as services as a 
> software substitute (SaaSS), use of non-free scripts on web pages, mass 
> surveillance, digital restrictions management (DRM), etc.

Yet again, only the surveillance is _besides_ four computing freedoms.  SaaSS 
is bad exactly because it effectively provides none of them, while DRM and 
nonfree webapps are just nonfree programs.

> * GNU welcomes contributions from all and everyone
>
> We want to give everyone the opportunity to contribute to our efforts on any 
> of the many tasks that require work.  We welcome all contributors…

Many GNU subprojects value ‘recordkeeping’ (per Prof. Moglen [2]) and 
‘protection for FSF’ (per @a...@gnu.org [3]) more than giving anyone an 
opportunity to contribute.   Are you calling for change in priorities?   If 
yes, I would appreciate it, if you name few concrete steps.

[2] https://www.gnu.org/licenses/why-assign.html
[3] 


signature.asc
Description: PGP signature

Re: List posting rules

[Dmitry Alexandrov]

"Carlos O'Donell"  wrote:
> On Sat, Nov 2, 2019 at 2:01 PM Dora Scilipoti  wrote:
>> You, Carlos O'Donell, and your fellow censor Mark Wielaard, should NOT be 
>> the moderators of this list.  You are both signers of a public document that 
>> calls for the removal of Richard Stallman as the leader of GNU, namely the 
>> "Joint Statement." Therefore, your natural bias is to accept messages that 
>> work towards your goal while rejecting those that oppose it.
>
> I agree that I likely exhibit bias, to that end we have invited others to 
> moderate.
>
> Brandon Invergo and Mike Gerwitz are also moderators, specifically to help 
> avoid this kind of bias.
>
> I don't see why I should not be a moderator. Everyone has some kind of bias. 
> Moderation is a difficult task.

(Okay, someone has to voice it, let it be me.)

Could you please invite Dora to become a co-moderator to help you with that 
difficult task?


signature.asc
Description: PGP signature

Re: Support for RMS and criticism of the bottom-up/social contract power grab attempt.

[Dmitry Alexandrov]

Alexandre François Garreau  wrote:
> Le vendredi 1 novembre 2019, 18:37:54 CET Jean Louis a écrit :
>> That was a statement that was created, people from various parts of the 
>> world cannot possibly make a joint statement in same time. There was 
>> initator to that statement, and initator invited other people, and one by 
>> one the list is now on about 30 people.
>
> Afaik that statement was signed only by maintainers and is only to be signed 
> by maintainers.  Am I wrong?

If the statement in question is still the same “Joint statement on the GNU 
Project” [0], then yes, Iʼm afraid, you are.  Absolutely nothing in it implies 
that it should be signed by GNU maintainers exclusively, in fact, it is started 
with “We, the undersigned GNU maintainers and developers...” and quite a few of 
the signers are not GNU maintainers.  And one — Joshua Gay — does not seem to 
be a developer either.

[0] https://guix.gnu.org/blog/2019/joint-statement-on-the-gnu-project/


signature.asc
Description: PGP signature

Re: Need of ‘stubborn governance’

[Dmitry Alexandrov]

Jean Louis  wrote:
> Somebody mentioned first "stubborn". In my opinion word stubborn in relation 
> to RMS does not describe his character well, as stubborn is according to 
> Wordnet dictionary: tenaciously unwilling or marked by tenacious 
> unwillingness to yield -- while other synonyms could maybe fit better, maybe 
> such as "uncompromising" or others, I cannot find better word. Stubborn is is 
> not accurate enough.

I am not able to judge about subtleties of word meanings in English, yet I used 
the phase ‘stubborn governance’ above, and thus have to clarify how I 
understand it and why ‘uncompromising’ is not the same.

They are not the same, because they belong to different axes: ‘uncompromising’ 
is about what to position to have, whereas ‘stubborn’ is about how to make it 
accepted.  For instance, authoritarian leadership might be uncompromising as 
well.

The key pattern for a ‘stubborn’ leader is to repeat the arguments in every way 
and at every occasion over and over until the opponents start to see the point 
in them or are just tired and decide that their position is not really worth be 
argued for any longer.  Not as effective and prompt as authoritarian way, but 
if evade the discussion is not an option, it usually works.

I am not sure, how well it describes RMSʼs way to handle things, but such a 
manner of steering is often necessary to successful lead a volunteer-based 
organization on a long distance, since it always permit those who yielded to 
save face — they were not coerced, but persuaded.


signature.asc
Description: PGP signature

Re: Support for RMS and criticism of the "bottom-up"/"social contract" power grab attempt.

[Dmitry Alexandrov]

Marcel  wrote:
> On 10/31/19 4:11 PM, Dmitry Alexandrov wrote:
>>> On 10/31/19 3:01 PM, Dmitry Alexandrov wrote:
>>>> Marcel  wrote:
>>>>> What I do see are volunteers trying to opportunistically derail the Free 
>>>>> Software Movement at a moment of perceived weakness for RMS.  I read 
>>>>> concerns about the eventual death of RMS to the survival of GNU, yet RMS 
>>>>> is not dead yet, and these detractors are trying to push him out while 
>>>>> he's still alive. I have deep concerns about the day RMS stops being 
>>>>> involved in the Free Software Movement, but that is hardly an argument to 
>>>>> push him out while he's still active and involved.
>>>>
>>>> When heʼs dead, it may be too late to discuss anything.
>>>>
>>>> History teaches us, that a lifework of great leader, who neglects an 
>>>> opportunity to step aside and let his successors to display themselves 
>>>> while still keeping an eye on them, might go rack and ruin in a moment.
>>
>> You donʼt try say, that when ‘detractors’, that want to derail free software 
>> movement (whoever you mean), wonʼt need to push him out first, because heʼs 
>> already dead, it will be any better, do you?
>
> I don't understand the rest of your statement, so I cannot respond.

Your point, as I understand it: the discussion on the future of GNU shall not 
be held because: (1) there are ‘detractors’ who want to derail free software 
movement, and (2) RMS is still with us.

My point: your point is invalid, because the situation will never be better 
than that: (1) ill-wishers to the free software will exist in any foreseeable 
future, while (2) RMS is not.


signature.asc
Description: PGP signature

Re: Support for RMS and criticism of the "bottom-up"/"social contract" power grab attempt.

[Dmitry Alexandrov]

Marcel  wrote:
> What I do see are volunteers trying to opportunistically derail the Free 
> Software Movement at a moment of perceived weakness for RMS.  I read concerns 
> about the eventual death of RMS to the survival of GNU, yet RMS is not dead 
> yet

When heʼs dead, it may be too late to discuss anything.

History teaches us, that a lifework of great leader, who neglects an 
opportunity to step aside and let his successors to display themselves while 
still keeping an eye on them, might go rack and ruin in a moment.


signature.asc
Description: PGP signature

Re: GNU project _does_ discriminate contributors by classes

[Dmitry Alexandrov]

Florian Weimer  wrote:
> Widely misunderstood terms can create quite a mess, as can be seen here:
>
>   
>
> Basically, it turns out that several Bacula contributors signed away their 
> rights twice (“Due to historical reasons Beneficiaries have sometimes signed 
> a second FLA afterhaving signed the first one with either FSFE or Kern 
> Sibbald.”), which is of course not legally possible.

Interesting!  Thank you.

It worth clarifying, though, that the actual link where it can be seen is not 
the above but .


signature.asc
Description: PGP signature

Re: GNU project _does_ discriminate contributors by classes

[Dmitry Alexandrov]

Mike Gerwitz  wrote:
> On Tue, Oct 29, 2019 at 17:43:05 +0300, Dmitry Alexandrov wrote:
>> Jean Louis  wrote:
>>> GNU project does not discriminate by gender, or other classes, neither 
>>> verifies genders of contributors, or their classes, as everybody is welcome 
>>> to contribute
>>
>> To the best of my knowledge, thatʼs completely untrue: major GNU subprojects 
>> do discriminate contributors by classes: if a contributor-to-be happens to 
>> be an employee, FSF does not trust his words about origin of his 
>> contribution, he has to bring a reference from his employer.
>>
>> Speaking frankly, even if we put aside how time-consuming it may be, itʼs 
>> hard for me to imagine what can be more degrading and thus ‘alienating’ to 
>> someone, than a straightaway demand to prove that he is not a liar.
>
> This is a legal issue and has nothing to do with discrimination.

Why do you say that as if discrimination cannot be a legal issue?  (In fact, 
sexual discrimination is sometimes a legal issue, discrimination of minors is 
almost always is a legal issue, discrimination of foreign citizens is a purely 
legal issue.)

In any case, by all means it has to do:

| discrimination (countable and uncountable, plural discriminations)
|
| 3. (sometimes discrimination against) Distinct treatment of an individual or 
group to their disadvantage; treatment or consideration based on class or 
category rather than individual merit
— https://en.wiktionary.org/wiki/discrimination#English

> I had to have my employer sign one of those waivers.  The purpose is to put 
> my contributions on solid legal ground.

No need to convince me that it has a good purpose.  I never supposed, that it 
is groundless, only that:

 a) being magnified in public mind, it contribute more to reputation of GNU as 
an unwelcoming place than vague “not feel at ease” stuff; and

 b) claim that “GNU welcomes contributions from all and everyone” while this 
issue is unresolved might be perceived as hypocrisy and make things even worse.


signature.asc
Description: PGP signature

Re: to what extent is the gnu project philosophical?

[Dmitry Alexandrov]

Andy Wingo  wrote:
> If the work of GNU is fundamentally philosophical, then perhaps yes -- maybe 
> no developer who uses a smartphone is suitable to be a part of GNU 
> decision-making

This is based on implication that ‘smartphone’ is something that inevitably 
runs lots of nonfree software.  Iʼd like to remind, though, that besides sad 
events around RMS this autumn is signified by the release of the first computer 
ever designed to pass the the ‘Respect your freedom’ certification, and it 
happens to be a smartphone.


signature.asc
Description: PGP signature

Re: Support for RMS and criticism of the "bottom-up"/"social contract" power grab attempt.

[Dmitry Alexandrov]

Marcel  wrote:
> On 10/31/19 3:01 PM, Dmitry Alexandrov wrote:
>> Marcel  wrote:
>>> What I do see are volunteers trying to opportunistically derail the Free 
>>> Software Movement at a moment of perceived weakness for RMS.  I read 
>>> concerns about the eventual death of RMS to the survival of GNU, yet RMS is 
>>> not dead yet
>> 
>> When heʼs dead, it may be too late to discuss anything.
>> 
>> History teaches us, that a lifework of great leader, who neglects an 
>> opportunity to step aside and let his successors to display themselves while 
>> still keeping an eye on them, might go rack and ruin in a moment.
>> 
>
> You removed half of the sentence and the rest of the paragraph,
> completely changing the meaning of what I wrote:
>
> What I do see are volunteers trying to opportunistically derail the Free 
> Software Movement at a moment of perceived weakness for RMS. I read concerns 
> about the eventual death of RMS to the survival of GNU, yet RMS is not dead 
> yet, and these detractors are trying to push him out while he's still alive. 
> I have deep concerns about the day RMS stops being involved in the Free 
> Software Movement, but that is hardly an argument to push him out while he's 
> still active and involved.

I did read what you wrote.  You donʼt try say, that when ‘detractors’, that 
want to derail free software movement (whoever you mean), wonʼt need to push 
him out first, because heʼs already dead, it will be any better, do you?


signature.asc
Description: PGP signature

Re: GNU project _does_ discriminate contributors by classes

[Dmitry Alexandrov]

Jason Self  wrote:
> My direct firsthand experience directly conflicts with what you allege to be 
> the case.

Nice to hear this!

However, it shows how inadequate the situation is: one have to collect 
firsthand experience rather than read clear and concise summary on the topic, 
published officially.

And what is published officially sometimes only makes things worse.  E. g., the 
maintainerʼs handbook, you linked above, seems not been updated to reflect, 
that FSF abandoned the requirement of snail mail exchange worldwide:

| Contributors residing outside the USA, Germany or India must mail the signed 
form to the FSF via postal mail.
— https://www.gnu.org/prep/maintain/html_node/Copyright-Papers.html

I also never found any official reference, that a contributor is entitled to 
get back from FSF an all-permissive licence on what he assigned — that 
radically changes the perception of the deal, but again it is backed only with 
anecdotal evidence.

Et cetera, et cetera.  Even the fact, that not every GNU package is owned by 
FSF, is not the common knowledge.

Some argue, that GNU gained an image of unwelcoming place because of some 
jokes.  What I observe in free and ‘open source’ software communities, though, 
is that GNU gained an image an unwelcoming place due to its bureaucratic 
practices — whether they are real or perceived.


> P.S.; there's no need to address the message to me directly - I am on the 
> list.

Excuse me, but such requests always abash me.

Even if we put aside, that (a) the practice of addressing the general public 
while actually taking to a specific person is harmful for readability and 
searchability of MLs in general, and (b) itʼs vital for unreliable premoderated 
lists (and as a bonus, it was exactly what enabled you to reply even before my 
message passed the censor); what exactly are you asking me to do with that 
piece of information?  To keep it in mind? :-\

If one has troubles in configuring his mail server / useragent and, despite all 
of the above, want to shift the burden of satisfying his preferences to _every_ 
his correspondent, there are formal ways to do that, the headers: a simple and 
static ‘Mail-Copies-To: never’, and no so simple ‘Mail-Followup-To’, which is 
no point to explain here, either his MUA supports it for the case or does not.

By the way, you might notice now, that all my mail have ‘Mail-Copies-To: 
always’ set, which supposed to instruct MUAs _not_ to tamper with the list of 
recipients in the way that excludes me from it.  In rarely helps, though: 
those, who use good MUAs, that respect it, rarely come up with an idea to drop 
an actual correspondent from ‘To’.


signature.asc
Description: PGP signature

Re: GNU project _does_ discriminate contributors by classes

[Dmitry Alexandrov]

DJ Delorie  wrote:
>> if a contributor-to-be happens to be an employee, FSF does not trust his 
>> words about origin of his contribution,
>
> This seems reasonable to me in the USA.
> Given how complex employment contracts are, it's reasonable to ask for a 
> legal disclaimer from employers
> It's not about trusting the people involved...

...rather about having doubts whether they are intelligent enough to understand 
their own employment contract.  Much a relief! :-D

But thatʼs actually not the point, I never suggested that it is not reasonable. 
 I am not able to judge.  On the contrary, as I already said [1]:

| And that discrimination may be a well-justified choice — justified by the 
goal of GNU project: to develop a free operating system.  After all, nothing in 
it implies that the development should be welcoming for everyone.  Many, 
including probably the most widespread free program in the world — SQLite, do 
not welcome contributors at all.

What made me remind about it now, was not (only) the practice by itself, but 
(also) how it looked in context of the topic — a proposed ‘GNU social contract’:

| However, now @l...@gnu.org is proposing fundamental change: to make ‘welcomes 
contributions’ a principle in itself along with ‘respects freedom’.  And it 
also may turn out to be a very good decision: bazaar development indeed proved 
to be quite effective.  Besides direct interests, a positive populist effect is 
expected too: many of those who would be proud to become GNU contributors, but 
are stopped by current discriminative policies, will be happy about that change.
|
| But are you all really calling for changes, or these ‘all and everyone’ are 
mere buzzwords to please angry SJWs out there?  If the latter, they sound 
hypocritical as hell, sorry.

[1] 

> Also consider that some of us might be using the USA legal definition of 
> "class" here wrt discrimination:
>
>   https://definitions.uslegal.com/p/protected-class/
>
> Defining your own classes outside of those might lead to misunderstandings.

That’s really enlightening, thank you!  I was aware of the trend to overload 
definition of class:

| (sociology, countable) A social grouping, based on job, wealth, etc.
— https://en.wiktionary.org/wiki/class#English

with arbitrary meanings, but till today I did not realize, that it drown in 
them completely, so that the original one might be passed for ‘my own’.


signature.asc
Description: PGP signature

Re: GNU project _does_ discriminate contributors by classes

[Dmitry Alexandrov]

Jason Self  wrote:
> On Tue, 2019-10-29 at 17:43 +0300, Dmitry Alexandrov wrote:
>> To the best of my knowledge, thatʼs completely untrue: major GNU subprojects 
>> do discriminate contributors by classes: if a contributor-to-be happens to 
>> be an employee, FSF does not trust his words about origin of his 
>> contribution, he has to bring a reference from his employer.
>>
>> Speaking frankly, even if we put aside how time-consuming it may be, itʼs 
>> hard for me to imagine what can be more degrading and thus ‘alienating’ to 
>> someone, than a straightaway demand to prove that he is not a liar.
>
> I believe this to be a mischaracterization of the situation.
>
> This is related to the copyright assignment mentioned earlier. As an example, 
> some have employment contracts with wording to the effect that "anything you 
> ever do anywhere ever always belongs to us no matter what." People with such 
> employment contracts aren't able to assign the copyright for their work 
> because it was never theirs to begin with and the employer needs to do so. 
> The information at [0] mentions this that "we ***may*** also need an 
> employer’s disclaimer..." because...

...FSF does not believe in GNU contributorsʼ honesty?

> it is not required for all situations of all people with employers (with your 
> "if a contributor-to-be happens to be an employee" statement.) I did not have 
> to get one, for example, even though I am employed because I am not in such a 
> situation.

Could you elaborate, if thatʼs not a secret?  Did you not have to get one, 
because some paper already was in your possession and you send a copy of it?


signature.asc
Description: PGP signature

Re: Need of ‘stubborn governance’

[Dmitry Alexandrov]

a...@gnu.org (Alfred M. Szmidt) wrote:
>Excuse me, do GNU actually have precedents when the ‘stubborn 
> governance’ was proved to be needed to keep things free?
>
> Readline, Objective-C backend, not allowing propietery hackery with GCC, 
> GPLv3 and Tivioization, Emacs and plugins, come to mind.

Thank you.  However, Iʼd appreciate if your answer were more verbose.  I am not 
so good at history.

> Emacs and plugins

Refers to the question whether there should be a formal API to denote that the 
library is under GNU GPL-compatible terms, right?

> not allowing propietery hackery with GCC

Refers to the suggestion to make GCC licence more permissive to compete with 
LLVM better, right?

> Objective-C backend

Refers to events of 30 years ago, right?

Whatʼs about Readline and Tivoization, though?

>IIRC, @l...@gnu.org and Co. were initially going to reserve ‘Guix’ for 
> package manager only, while calling the system distribution ‘GNU’ — 
> simply ‘the GNU’

>Being made that way, despite all the best intentions they had, it would be 
> obviously perceived as a statement “we are the proper and pureblood GNU, 
> while Debian and other GNU distributions are impostorsâ€, so RMS, of course, 
> strongly opposed that.
>
>How such an issue would be supposed to be resolved with a 
> ‘non-stubborn’ governance?
>
> To understand a opposition, one needs to know the why.  Taking your statement 
> at face value as to what might have been said, that is, calling other free 
> systems for "lesser systems" would be unfriendly and unkind, so why do that?  
> That in it self would be a good reason to strongly object to such a statement 
> since it would alienate people working on other free systems.
>
> But now knowing the precise words used, making any fair analysis of the 
> decision is hard, and a simply way to find a false reasoning is to call it 
> "stubborn" or similar.

Sorry, I re-read this several times, yet still do not follow.  Could you recap 
it in a simpler language?


P. S. Are you aware, that your MUA munges multibyte mail?


signature.asc
Description: PGP signature

GNU project _does_ discriminate contributors by classes (was: A GNU “social contract”?)

[Dmitry Alexandrov]

Jean Louis  wrote:
> GNU project does not discriminate by gender, or other classes, neither 
> verifies genders of contributors, or their classes, as everybody is welcome 
> to contribute

To the best of my knowledge, thatʼs completely untrue: major GNU subprojects do 
discriminate contributors by classes: if a contributor-to-be happens to be an 
employee, FSF does not trust his words about origin of his contribution, he has 
to bring a reference from his employer.

Speaking frankly, even if we put aside how time-consuming it may be, itʼs hard 
for me to imagine what can be more degrading and thus ‘alienating’ to someone, 
than a straightaway demand to prove that he is not a liar.

Thatʼs why I have mixed feeling about @l...@gnu.orgʼs proposal to introduce 
“welcomes contributions from all and everyone” in GNU.  On the one hand, words 
sound extremely promising.  On the other hand, actions taken so far do not 
suggest that anyone is really going to put an end to discrimination here, 
@m...@klomp.orgʼs “next generation of GNU leaders” seems to be far more 
concerned with fighting jokes.


signature.asc
Description: PGP signature

Re: gnu-misc-discuss@gnu.org is premoderated

[Dmitry Alexandrov]

"Carlos O'Donell"  wrote:
> On Mon, Oct 28, 2019 at 10:21 AM Dmitry Alexandrov <321...@gmail.com> wrote:
>> Mark Wielaard  wrote:
>> > On Mon, Oct 28, 2019 at 05:22:48AM +0300, Dmitry Alexandrov wrote:
>> >> Iʼd like to report that my message number d0eidcqu.321...@gmail.com 
>> >> (below), sent a day ago to gnu-misc-discuss@gnu.org (which I am 
>> >> subscribed on and usually have no problems to post to), had not landed to 
>> >> the archive [0] for unknown reason — I did not get any failure 
>> >> notification.
>> >
>> > The list is [pre]moderated, simply wait till a moderator accepts or 
>> > rejects your messages.
>>
>> Funny.  Either the moderators were so efficient earlier so I never noticed 
>> that, or thatʼs a fairly recent policy, that was introduced secretly (I do 
>> not see any announcement).  May I ask, which it is?
>
> I placed the list on moderation to help with cooling down heated discussions.

Thank you for clarification.

I (and, I dare suppose, others too) will appreciate, if the next radical change 
in policy (in either direction) will be publicly announced to prevent 
misinterpretations.

> It is entirely within the normal bounds of list management to use moderation.

(Un)fortunately, I am not familiar with the list management within these 
bounds, so could you enlighen me, how should I get known, that my letter is 
rejected by a censor?  Will I get a notification with the reason explained?


signature.asc
Description: PGP signature

Re: Turning GNU into a bottom-up organization

[Dmitry Alexandrov]

Jean Louis  wrote:
> * Florian Weimer  [2019-10-24 16:32]:
>> * Alfred M. Szmidt:
>> 
>> > Debian renegaded on their goal of being a 100% free software system, they 
>> > now include non-free software.  That is the danger, and it is very much 
>> > real.
>> 
>> And GNU comes with non-free documentation.  We are not going to reach 
>> agreement on these points any time soon.
>
> Could you please give me references to it? I am genuinely interested where?

He evidently uses ‘non-free’ in Debianish sense of that word, where GNU FDL 
with invariant sections considered non-free.


signature.asc
Description: PGP signature

Re: Turning GNU into a bottom-up organization

[Dmitry Alexandrov]

Florian Weimer  wrote:
> * Alfred M. Szmidt:
>> Debian renegaded on their goal of being a 100% free software system, they 
>> now include non-free software.
>
> And GNU comes with non-free documentation.

He-he.  Could you please remind us, under what terms Debian Wiki is distributed?


signature.asc
Description: PGP signature

Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through the new Enigmail defaults

[Dmitry Alexandrov]

Jean Louis  wrote:
> * Dmitry Alexandrov <321...@gmail.com> [2019-10-28 17:53]:
>> the SKS keyserver network — the de-facto standard for years — is not 
>> [proprietary], it is a decentralized replicated network — like Usenet; while 
>> keys.openpgp.org, to carry on the analogy, is like Facebook.
>
> Yes, I would say it should be decentralized.

I did not expect any other answer here — at libreplanet-discuss.  The question 
is: what to do?  First of all, how to make that clear to those who do not see 
any danger in the situation — like Werner Koch?

> But I see the problem

What problem?

> and that problem is temporarily solved by that service.

In any case, if thatʼs a ‘solution’, I have much better one: cease to use email 
and PGP, and switch to, say, WhatsApp.

>> Maybe.  In meantime, SKS is _fully operational_.
>
> Is it?

Yes.  Dozens of keyservers are still there and provide all the services they 
used to provide.

> Is the security problem solved?

There was no any security problem.

There is a performance problem not in SKS but _in GnuPG_, that rendered it 
unusable for polluted ‘web of trust’.  It was ‘solved’ by disabling ‘web of 
trust’ functional by default.  It still can be enabled if you need it and ready 
to face GnuPGʼs bugs.  But most of GnuPGʼs users — including me and you — did 
not use ‘WoT’ anyway, so there is no any problem for them at all.

Please note, the proprietary keyserver does not provide support for ‘WoT’ at 
all.  It also lacks other features of SKS and impose arbitrary restrictions on 
you: for instance, you are not allowed to specify more that one email address.

But these are minor issues compared to the fact, that it is a walled garden 
specifically designed to collect all the data in a single place and keep it 
secret.

>> FWIW, I got your key from SKS network and have no idea, where else I could.  
>> You, I suppose, got mine in the same way.
>
> You would ask person. That is number one. You could find keys on websites, 
> but in general you ask people.
>
> Finding key on the server is not essential.

To repeat: I found you key on the keyserver, and have no clue where it could 
find else.

In other words, your statement is equivalent to “using encryption is not 
essential for mail exchange”.  Yes, it is not: I could mail you in cleartext 
and by all means would do that, if had not located your key.

> I do not even know did I publish it or not, I do not know.

Yes, you did.  And thatʼs the _only_ standard way you made it available:

$ gpg --auto-key-locate=nodefault,cert,pka,dane,wkd,keyserver 
--locate-keys bugs@gnu.support
gpg: error retrieving 'bugs@gnu.support' via DNS CERT: Not found
gpg: error retrieving 'bugs@gnu.support' via PKA: Not found
gpg: error retrieving 'bugs@gnu.support' via DANE: Not found
gpg: error retrieving 'bugs@gnu.support' via WKD: No data
gpg: key 12BC51224B9DC65C: "Jean Louis " not changed
gpg: Total number processed: 1
gpg:  unchanged: 1
gpg: automatically retrieved 'bugs@gnu.support' via keyserver
pub   rsa2048 2016-11-13 [SC]
  BFDFE35C128B5DF0E21E5F0812BC51224B9DC65C
uid   [ unknown] Jean Louis 
sub   rsa2048 2016-11-13 [E]

You do not use Autocrypt either, so itʼs extremely sad, that you did that 
unintentionally.  I wish PGP to gain more adoption.

But thatʼs entirely different topic: the question is not whether PGP should 
gain more adoption and how to publish keys, if yes.

The question is about choice between two keyserver networks: one is 
decentralized (and featureful), another is proprietary (and crippled).  Is not 
the answer obvious?


signature.asc
Description: PGP signature

Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through the new Enigmail defaults

[Dmitry Alexandrov]

Jean Louis  wrote:
> * Dmitry Alexandrov <321...@gmail.com> [2019-10-28 15:21]:
>> Even if FSF, like Werner Koch , believes that there is 
>> nothing wrong ethically with steering users to an isolated proprietary 
>> service, the guide is simply incorrect factually.
>
> Do you refer to online service?

Yes, to https://keys.openpgp.org.

> Are not all websites proprietary? Even if they allow copying, websites still 
> belong to somebody.

Yes, all websites are proprietary.  However, not every type of online service 
is.  Or ‘network’, if you not like the word ‘service’.

In particular, the SKS keyserver network — the de-facto standard for years — is 
not, it is a decentralized replicated network — like Usenet; while 
keys.openpgp.org, to carry on the analogy, is like Facebook.

>> However, since the last week this is no longer true, as Patrick Brunschwig 
>> , an author of Enigmail, making use of a recently 
>> exploited security flaw in SKS network, which the guide describes, changed 
>> the default keyserver from the SKS round-robin pool, to a *proprietary 
>> centralized service* [2], “one of whose initiators” he was, and which does 
>> _not_ share the base with with SKS: as of now, it provides info for about 5 
>> 000 email’s (SKS — for about 5 000 000 keys).
>
> I understand there is issue with SKS network

With GnuPG.  And it had been quickly fixed (if disabling a feature could be 
called a ‘fix’).

> and that Patrick found some solution to the problem.

Yes, and the solution was: silently (without consent or even notification) 
alter both the defaults and any _manual configurations_ done, thus luring all 
unsuspicious Enigmail users from the standard distributed network into some 
freshly established private service, where centralized control over all the 
data is _not_ a child illness, but a design.  Clever, is not it?

> So far that is not running of proprietary software,

What does it matter, what software it runs: free or not [0], if I am not 
allowed to run an own server of that network in any case?

[0] https://www.gnu.org/philosophy/network-services-arent-free-or-nonfree.html

> Centralized services we know by history, that shall be avoided.

Exactly.  Especially when the distributed network not merely exists, but prior 
that diversion was virtually the only choice.

> Maybe it is time to write new SKS-type of decentralized PGP servers as a new 
> software.

Maybe.  In meantime, SKS is _fully operational_.

> In my sphere of work we use GnuPG keys, but we do not use servers. It is not 
> the only way to exchange PGP keys.

FWIW, I got your key from SKS network and have no idea, where else I could.  
You, I suppose, got mine in the same way.

In any case, thatʼs irrelevant topic.


signature.asc
Description: PGP signature

Re: “GNU welcomes contributions from all and everyone” in context of the proposed “GNU social contract”

[Dmitry Alexandrov]

Jason Self  wrote:
> Dmitry Alexandrov <321...@gmail.com> wrote:
>> Mark Wielaard  wrote:
>>> On Sat, 2019-10-26 at 02:45 +0300, Dmitry Alexandrov wrote:
>>>> Ludovic Courtès  wrote:
>>>>> * GNU welcomes contributions from all and everyone
>>>>>
>>>>> The GNU Project produces software for anyone to use, but also wants to 
>>>>> give everyone the opportunity to contribute
>>>>
>>>> Curious.  Prior paragraphs were substantiated by links to extensive 
>>>> articles on gnu.org, while this is not.  Is that a novelty?
>>>
>>> https://www.gnu.org/philosophy/kind-communication.html
>>
>> Note, that @r...@gnu.org did not mention the main ‘demographic 
>> characteristic’ — a class.  And perhaps that is not a coincidence: as you 
>> know, unlike many other free software developments, major subprojects of GNU 
>> [0] are very selective about from whom they are accept contributions.  
>> Everyone have to pass though a … bureaucratic process [1], but employees are 
>> also have to pass through even longer and humiliating procedures to prove 
>> that they are not liars [2].
>
>> [...that is] many are less welcome than some.
>
> Some GNU packages do require copyright assignment to the FSF but anyone is 
> able to do so.

Iʼm afraid, your answer does not align well with what you are replying on 
(restored above).  Is what I said factually wrong?

You prefer to focus on technicalities of document exchange, while that was not 
the point of my letter.  “GNU welcomes contributions from all and everyone” and 
what is under that title implies, first and foremost, not a convenience, but 
the absence of _discrimination_ of any kind.

> [0] https://www.fsf.org/blogs/licensing/fsf-to-begin-accepting-scanned
> -assignments-from-germany

I would like to suggest you how to fix that, but unfortunately your MUA 
(Evolution) seems to be so GNOME-ish, that you canʼt disable hardwrapping 
without patching it.  The only options are either switch to composing HTML-only 
messages or to press Ctrl-7 every message you type.


signature.asc
Description: PGP signature

Re: gnu-misc-discuss@gnu.org is premoderated (was: ML posting issues)

[Dmitry Alexandrov]

Mark Wielaard  wrote:
> On Mon, Oct 28, 2019 at 05:22:48AM +0300, Dmitry Alexandrov wrote:
>> Iʼd like to report that my message number d0eidcqu.321...@gmail.com (below), 
>> sent a day ago to gnu-misc-discuss@gnu.org (which I am subscribed on and 
>> usually have no problems to post to), had not landed to the archive [0] for 
>> unknown reason — I did not get any failure notification.
>
> The list is [pre]moderated, simply wait till a moderator accepts or rejects 
> your messages.

Funny.  Either the moderators were so efficient earlier so I never noticed 
that, or thatʼs a fairly recent policy, that was introduced secretly (I do not 
see any announcement).  May I ask, which it is?


signature.asc
Description: PGP signature

Re: Need of ‘stubborn governance’ (was: Turning GNU into a bottom-up organization)

[Dmitry Alexandrov]

a...@gnu.org (Alfred M. Szmidt) wrote:
>> The only way tackle non-free software is to explicitly reject it, at all 
> times.
>
>Then we can write that in a GNU social contract, instead of having to rely 
> on stubborn governance.
>
> Yet again, you argue that we should have a weaker governance -- that 
> "stubborn governance" is what is needed to keep things free.

Excuse me, do GNU actually have precedents when the ‘stubborn governance’ was 
proved to be needed to keep things free?

In any way, may I chime in with a suggestion to consider the concrete cases 
when ‘stubborn governance’ had been come into action.

For instance, one important issue of the last years, I can recall, was a Guix 
naming.

IIRC, @l...@gnu.org and Co. were initially going to reserve ‘Guix’ for package 
manager only, while calling the system distribution ‘GNU’ — simply ‘the GNU’: 
they presented it as ‘GNU’ at GHM and FOSDEM, published the first alpha 
releases of ‘GNU’, and even the /gnu/ hierarchy is a remnant of that intention.

Being made that way, despite all the best intentions they had, it would be 
obviously perceived as a statement “we are the proper and pureblood GNU, while 
Debian and other GNU distributions are impostors”, so RMS, of course, strongly 
opposed that.

How such an issue would be supposed to be resolved with a ‘non-stubborn’ 
governance?


signature.asc
Description: PGP signature

Re: “GNU cares for computer user freedom beyond software” (was: A GNU “social contract”?)

[Dmitry Alexandrov]

Ludovic Courtès  wrote:
> * GNU cares for computer user freedom beyond software

Does the title reflect well what is under it?  Among SaaS(S), nonconsently 
installed (java)scripts, DRM and surveillance, only surveillance issues go 
beyond software.


signature.asc
Description: PGP signature

Re: “GNU welcomes contributions from all and everyone” (was: A GNU “social contract”?)

[Dmitry Alexandrov]

Ludovic Courtès  wrote:
> * GNU welcomes contributions from all and everyone
>
> The GNU Project produces software for anyone to use, but also wants to give 
> everyone the opportunity to contribute

Curious.  Prior paragraphs were substantiated by links to extensive articles on 
gnu.org, while this is not.  Is that a novelty?


signature.asc
Description: PGP signature

“GNU software is distributed under the terms of [copyleft] licenses” (was: A GNU “social contract”?)

[Dmitry Alexandrov]

Ludovic Courtès  wrote:
> * GNU licenses uphold user freedom
>
> The GNU Project has designed software licenses to ensure developers cannot 
> strip off user freedom from GNU software—“copyleft” licenses.  GNU software 
> is distributed under the terms of these licenses.

Sorry, but thatʼs simply untrue.   Few GNU software packages are under lax, 
non-copyleft licences, namely: ncurses, nana, speex.  And there might be a good 
reason for that [1].

[1] https://www.gnu.org/licenses/license-recommendations.en.html#libraries


signature.asc
Description: PGP signature

Re: Free spyware (was: Turning GNU into a bottom-up organization)

[Dmitry Alexandrov]

Colby Russell  wrote:
> consider the case of bona fide spyware that turns out to be released by its 
> author under GPLv3.  It therefore guarantees your ability to exercise the 
> four freedoms, but does it actually *respect* the user's freedoms?

If besides being shipped under a free licence it is shipped in sources, it does 
respects these freedoms.  How did you come to the conclusion that it may not?  
Or do you imply that users shall not be permitted to have a freedom to being 
spying on? ;-)

> I later reread "Why Open Source Misses the Point of Free Software" 
>  and saw 
> that the subject was already broached in the section "Powerful, Reliable 
> Software Can Be Bad".  RMS writes:
>
>   This software might be open source and use the open source development  
> model, but it won't be free software
>
> If that's the case, then it has to be true that the four freedoms are 
> necessary but not sufficient to say that a piece of software is free software.

Please, do not distort RMSʼs words by quoting them selectively in the wrong 
context.  The article says nothing about free software that is spyware, it 
reads:

| Yet some open source supporters have proposed “open source DRM” software. 
Their idea is that, by publishing the source code of programs designed to 
restrict your access to encrypted media and by allowing others to change it, 
they will produce more powerful and reliable software for restricting users 
like you. The software would then be delivered to you in devices that do not 
allow you to change it.
|
| This software might be open source and use the open source development model, 
but it won't be free software since it won't respect the freedom of the users 
that actually run it. If the open source development model succeeds in making 
this software more powerful and reliable for restricting you, that will make it 
even worse.

Key words are “do not allow you to change it”.  Cf. tivoization.


signature.asc
Description: PGP signature

Re: Enigmail/PEP mangles GPG configs. Other choices for a MUA

[Dmitry Alexandrov]

Werner Koch  wrote:
>> Now you apparently would like to try the innovative PEP-enhanced Enigmail 
>> 2.1 by yourself to see all these fancy things with your own eyes, so I must 
>> warn you: *it mangles ~/.gnupg/gpg.conf and ~/.gnupg/gpg-agent.conf*, so 
>> take precautions.
>
> That is okay

Well, it was not okay for me.  pass(1) failed to work after that.  Thanks gods, 
I revise my configs with git, so it was just two commands to find out the 
offending pieces and revert them back.  Now I wonder, how probable it is, that 
target audience of that ‘Junior Mode’ does the same.

> all frontends can do that and we even provide an interface to do this.

Thanks, I’ll be on alert.

> There are other choices for a MUA for example Kmail, where my associate Andre 
> is deeply involved in the crypto.

Yes, indeed.  And I actually never fully understood, why everyone still 
recommends a novice GPG user to deal with a couple of Thunderbird + Enigmail, 
where the core functionality required is implemented as an extension over an 
API, that becomes lamer and lamer from release to release.


signature.asc
Description: PGP signature
___
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss

Re: “Keyservers are actually useless these days and I wish they could go away”

[Dmitry Alexandrov]

Werner Koch  wrote:
> On Wed, 17 Jul 2019 14:44, 321...@gmail.com said:
>> Werner Koch  wrote:
>>> Keyservers are actually useless these days and I wish they could go
away.
>>
>> An advocate of the ‘Web of Trust’ hardly agrees with that.  I am not the 
>> one, however I’m really intrigued — what do you suggest to use instead.
>
> If the goal is to make end-to-end encryption a standard on the Internet we 
> need to get away from geeky things like the WoT which is too complicated to 
> explain it to hackers in a few words.

I am not quite sure, why do you believe that a social network is a ‘geeky 
thing’, but in any case ‘to get away from something’ does not mean ‘to kill 
it’, does it?

> For the geek factor I really like it and it is quite possible that we will 
> develop ideas on how to keep it alive despite of the too obvious DoS attacks 
> on the keyservers.

I’m really glad to hear it, even though am have not been fan of it (as well as 
social networks in general).

>> What might the substitute [for keyservers]?  Bittorrent?  Blockchain?
>
> I propose the use of the Web Key Directory (WKD), which is a lookup of keys 
> from the webserver matching the domain of the mail address.

Yes, that is a means of publishing keys, that is normally controlled by one of 
the two possible attackers, is not it?

> The advantage is that you the entity assigning mail addresses also vouchs for 
> the matching key.

And the disadvantage is the same.  So even a proprietary service like 
keys.openpgp.org looks better from the security terms than WKD.

> This is already the default in GnuPG if you specify a recipient by mail 
> address.

And that is to my perplexity.  Why?!

> For those mail provider which will never implement that due to their business 
> model there is fallback solution: On the first contact a signed (but not 
> encrypted) mail is sent.  The recipient then gets the information for the key 
> from that signature and can may retrieve the key directly from the mail, or 
> via fingerprint from a keyserver, or via the mail address from the WKD.  Thus 
> the reply will already be encrypted and initial trust has been established.  
> We call this auto-key-retrieve.  This obviously needs support from the MUA.

Hm, what’s wrong with Autocrypt?

> Both schemes are implemented in Enigmail but are meanwhile hidden benhind the 
> other key discovery schemes.

And with transitioning to PEP-mode, they are both (along with Autocrypt) are 
obsoleted, as far as I see.

>>> Looking up key at a keyserver does not give you any indication that the key 
>>> belongs to the claimed mail address.
>>
>> But they was never intended to do so, was they?
>
> Right.  But in practise people assumed tha this is the case and complained 
> when a faked address was on the keyserver.

Indeed, some are.  But is following wrong expectations is the right thing to 
do?  This is the Internet after all: it’s full of fakes.  People should be 
sceptic there.

And to repeat it again, ability to verify any info (and email in particularly) 
does not require passing the full control of the data to a central authority, 
as verification is about appending the data, not removing it.  If no one have 
done this till today, maybe the problem is not so prominent in fact?

> The WoT does not scale

Pardon?  I hope, I can understand, how _SKS keyserver_, a software, does not 
scale well, but how could WoT per se, a concept of a social network, scale or 
not scale?

>> They are means to reliably _publish_ your key, and they have been doing 
>> their job fairly well, as far as I can tell.
>
> Nope.  We need keyservers only for key revocation and best also for lookup of 
> the basic key via fingerprint.

That is, my initial gladness was premature?  You _are_ going to kill keyservers 
as they exist now?

I have to admit, that this proposition looks really weird to me: to create one 
of the world first social networks, that have been shown a stable growth in 
userbase all those years despite being abandoned by developers and hardly 
usable, and finally, in 2019, declare that nobody needs it?

>> I suppose, few would have anything against a default server that also 
>> optionally performs an email / SIP / GNU Social / whatever check, as long 
>> it’s not a walled garden like keys.opengpg.org, that is that is detached 
>> from the de-facto standard network (that was SKS) and therefore breaks 
>> seamless compatibility between various GPG frontends and GPG-compatible 
>> clients.
>
> I would not call that small project...

Small?  It has been there for about a month, has not get its full strength yet 
(Enigmail will start uploading all keys there when Thunderbird 68 releases), 
though already has above 5 000 users.

> I would not call that small project a walled-garden and I even don't think 
> that it ever will be.

Okay, as you prefer it.  That’s after all only a metaphor, not a well-defined 
term, so it’s hard to assert that I’m using it appropriately.  I can only 
cla

Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

[Dmitry Alexandrov]

Werner Koch  wrote:
> On Wed, 17 Jul 2019 14:37, 321...@gmail.com said:
>>> A problem is the single-point-of-validation (done via mail confirmation) 
>>> which puts [keys.openpgp.org] in a position like X.509 CAs.
>>
>> That is, mister Brunschwig is willing to add other keyservers on a par with 
>> keys.openpgp.org?  Who will be an auditor (like webtrust.org)?
>
> I don't understand.

There are _many_ X.509 root certificates shipped by operating systems and 
user-agents and equally respected by them by default.  webtrust.org are those 
who audits CAs and advises OS / UA developers whether they can trust their 
users’ security to a certain CA or not.  While keys.openpgp.org is now the 
_only one_ proprietary keyserver network used in Enigmail by default.

>> And Enigmail is like a software that encourages any user to get a CAcert 
>> certificate ‘in two clicks’, not even informing him, that they not 
>> univarsally accepted
>
> How is that different from software uploading to SKS.

In two major points:

1. SKS is (or was, prior this diversion) a de-facto standard, so those who 
unilaterally switched from it had broken the compatibility with GPG and other 
GPG-compatible tools.  This is bad enough, but not so bad as the second point.

2. SKS is a peered network (if you do not like the word ‘distributed’), while 
keys.openpgp.org is a proprietary service.

>> [keys.openpgp.org is] a part (as of now, the only part) of a proprietary 
>> network — just like, say, Facebook.  While SKS is a distributed network — 
>> like Usenet.
>
> Nope.  To use the distributed (actually replicated) SKS you need to get onto 
> Kristian's list.  Kristian has certain rules on what servers he puts on the 
> list.  This currently means you need to have several SKS instances running 
> behind a loadbalancer.

I need to get onto list to do what?  To use as in ‘user’?  Definitely not.  To 
massively download keys?  No, I do not.  To massively upload keys?  Well, I 
never tried, but if I need to get an approval to to this, who have flooded the 
network with fake signatures then?  I have to meet some technical requirements 
to be admitted into the community in order to become a first-class peer of the 
network?  So with Usenet, so the analogy was perfectly valid.

> For year now this had the effect that there are only two persons running SKS 
> keyservers.

>> Unless you mean an entity that controls root DNS of the Internet, for sure, 
>> DNS of SKS *network* is _not_ under control of a single person.
>
> Nope, it is.  The network is DNS and certificate based and there is one 
> person controlling it.

I really do not understand you.  Under whose control 
https://keyserver.ubuntu.com is?  And https://pgp.mit.edu?  Or 
https://pgp.neopost.com and https://peegeepee.com?  Are they under Kristian’s 
or that second person’s?

> I pretty sure everyone in the community trusts Kristian to do the Right Thing 
> as most users also trust Patrick, me, or any other GNU author.

This is not about trust or mistrust to some specific person.  Decentralisation 
is about freedom not to rely upon a good will, abilities or even the fact of 
existence (do not underrate the so called ‘bus factor’) of _any_ single person.

> In fact, keys.openpgp.org has some advantages for some user and those who do 
> not understand the goal of the GDPR

So Facebook has _lots_ of advantages for _lots_ of users.  Advantages is not 
what I am trying to speak about here.

> Enigmail has its own policy and I do not like some of them ... but ... they 
> all have defaults which are set to best serve their users.

It seems, that you are not of very high opinion of Enigmail users, if you 
believe, that proprietary service is the best for them. :-)

>> With SKS, when the default entry point is down, I can simply choose the 
>> other one, and if I am paranoid I can command GPG to check several 
>> keyservers — results must be identical, am I right?
>
> You can do the very same in Enigmail.

Oh...  What does it matter, what users of Enigmail can or cannot do?

As some wise person on this thread pointed out: “If you want get something in 
use you need to have it has default.  Virtually nobody changes options”.  :-)

So what matters is what they are _in fact_ going to do.

First, they are going to cease look keys up on the SKS Net.  Actually, I bet, 
100 % of those who installed their Enigmail from addons.thunderbird.net had 
already ceased, as there was no any questions on whether they want to switch to 
a proprietary service or stick with the standard one — keyserver had been 
rewritten, even it was manually configured.  And secondly, after updating to 
Thunderbird 68 + Enigmail 2.1 they will start to bring their new keys to an 
isolated server.

So neither Enigmail users will be any longer able to find keys of those who 
stays on GPG defaults, nor the latter — to find keys of trustful Enigmailers 
without becoming users (anonymous, yet users) of a specific proprietary service.

That’s w

Re: “Keyservers are actually useless these days and I wish they could go away”

[Dmitry Alexandrov]

Werner Koch  wrote:
> Keyservers are actually useless these days and I wish they could go away.

An advocate of the ‘Web of Trust’ hardly agrees with that.  I am not the one, 
however I’m really intrigued — what do you suggest to use instead.

> Looking up key at a keyserver does not give you any indication that the key 
> belongs to the claimed mail address.

But they was never intended to do so, was they?  They are mean to reliably 
_publish_ your key, and they have been doing their job fairly well, as far as I 
can tell.  What might the substitute?  Bittorrent?  Blockchain?

> A validating key server tries to fix this by claiming authority to check the 
> mail.

That’s an interesting sociotechnical task, but the topical issue is not about 
verifying vs non-verifying.

I believe, nobody opposes to running a proprietary service for distributing 
keys, verifying or not, gratis or paid (yes, why not?).  Setting it as a 
default is what I see as a dubious act.

Moreover, I suppose, few would have anything against a default server that also 
optionally performs an email / SIP / GNU Social / whatever check, as long it’s 
not a walled garden like keys.opengpg.org, that is detached from the de-facto 
standard network (that was SKS) and therefore breaks seamless compatibility 
between various GPG frontends and GPG-compatible clients.


Actually, if I am not mistaken, before the SKS-based WoT practically went out 
of operation after the DoS-attack, doing that did not require any changes 
neither in SKS, nor in GPG: a server could check the email and sign a key, and 
a frontend check its signature — that’s all.  Or am I mistaken?

> However, this gets us back into the X.509 centralized world.

But that does not, so long as no one is forbidden to run yet another verifier, 
connected to the common WoT.


signature.asc
Description: PGP signature
___
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss

Re: emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

[Dmitry Alexandrov]

Werner Koch  wrote:
> On Tue, 16 Jul 2019 07:43, 321...@gmail.com said:
>
>> describes, changed the default keyserver from the SKS round-robin pool, to a 
>> *proprietary centralized service* [2], “one of whose
>
> Although I have some concerns with those validating keyservers, like 
> keys.openpgp.org, it is wrong and unfair to call this one proprietary.

And I did not. ;-)  I called keys.openpgp.org a proprietary *service*, not a 
proprietary server [software].  I. e. a service, that has an owner = 
proprietor, who solely controls it.

If you do not like the word ‘proprietary’ in its original meaning [1], let’s 
call it simply ‘private’ (though I prefer the former since ‘private’ may also 
stand for ‘personal’ = run by me for myself).

[1] https://en.wikipedia.org/wiki/Proprietary

> This keyserver is not more proprietary than any other key servers.

Yes, but it’s a part (as of now, the only part) of a proprietary network — just 
like, say, Facebook.  While SKS is a distributed network — like Usenet.

> In fact the code is under the AGPL so some may consider this even a benefit 
> (I have a different view but that is not the topic here).

Yes, I positively agree with you.   What software some service runs on their 
machines hardly makes any difference for its user.

> A problem is the single-point-of-validation (done via mail confirmation) 
> which puts them in a position like X.509 CAs.

That is, mister Brunschwig is willing to add other keyservers on a par with 
keys.openpgp.org?  Who will be an auditor (like webtrust.org)?

> However, in this case more like CAcert.

Like CAcert installed as the _only_ CA on a system as of now.  Enigmail does 
not perform searches on SKS anymore.

And Enigmail is like a software that encourages any user to get a CAcert 
certificate ‘in two clicks’, not even informing him, that they are not 
universally accepted.  To repeat, Enigmail does neither upload keys to SKS 
anymore by default, _nor ask a user where to upload_ them.  Unless he is 
competent enough to edit the settings beforehand, they are silently sent to 
keys.openpgp.org; and keys.openpgp.org is unwilling to share the data collected 
from unsuspecting users with anyone else.

> BTW, although the SKS keyserver network is distributed, its DNS is under the 
> control of a single person too.

Unless you mean an entity that controls root DNS of the Internet, for sure, DNS 
of SKS *network* is _not_ under control of a single person.  And that’s the key 
difference!  GnuPG is configured by default to use some _entry point_ to a 
distributed network, while Enigmail is now configured to use a proprietary 
centralized network.

With SKS, when the default entry point is down, I can simply choose the other 
one, and if I am paranoid I can command GPG to check several keyservers — 
results must be identical, am I right?

> Thus the default keyserver in GnuPG has a similar SPoF but in this case the 
> guy running this has quite some long term credibility.

And even if it has none.  How a credibility of the owner of round-robin DNS 
that randomly chooses a node in distributed network pool can be compared to a 
credibility required from a single owner of the whole network?

> If Patrick (Enigmail author) wants to use keys.openpgp.org as default he can 
> of course do that.

It’s hard to argue.  Even if he wanted to switch from OpenPGP to some other 
protocol, he could of course do that too.

He’s in fact in a halfway of doing that.  Enigmail 2.1 (for Thunderbird 68, now 
in beta) primarily advertising itself not as a GPG-frontend or an 
OpenPGP-compatible tool, but as a PEP [2] software.  And for PEP OpenPGP is 
_not_ the preferred backend protocol, it prefer to use OTR, if possible. [3]

[2] https://pep.software
[3] :
| — How does p≡p select the most secure way of sending an email or a message?
|
| When a p≡p user is communicating with another p≡p user:
|
| 1. if online communication available: OTR through GNUnet.
| 2. if online communication not available:
| a. if anonymizing platform available, OpenPGP through anonymizing platform 
(i.e. Qabel),
| b. if anonymizing platform not available, fallback to OpenPGP.
|
| When a p≡p user is communicating with a non-p≡p user then depending on the 
capabilities of the non-p≡p user:
| 1. if anonymizing and forward secrecy is possible, use that (i.e. OTR over 
GNUnet).
| 2. if anonymizing but no forward secrecy is possible, use that (i.e. OpenPGP 
over Qabel).
| 3. if forward secrecy is possible, use that (i.e. OTR).
| 4. if hard cryptography but no forward secrecy is possible, use that (i.e. 
OpenPGP)
| 5. if only weak cryptography is possible, use that (i.e. S/MIME with 
commercial CAs)
| 6. send unencrypted.

It’s not possible with Enigmail yet, but the PEP-targeted interface and mode of 
operation are already default for all new installations.  And to get back to 
the classic one, that has various features, apparently believed to be useless 
now (cr

emailselfdefense.fsf.org indirectly recommends a proprietary service through a new Enigmail defaults

[Dmitry Alexandrov]

Hello.  FSF’s ‘Email Self-Defence Guide’ [1] teaches those who are not yet 
familiar with OpenPGP to use Thunderbird + Enigmail and features the following 
text:

| In your email program's menu, select Enigmail → Key Management.
|
| Right click on your key and select Upload Public Keys to Keyserver. Use the 
default keyserver in the popup.
|
| Now someone who wants to send you an encrypted message can download your 
public key from the Internet. There are multiple keyservers that you can select 
from the menu when you upload, but they are all copies of each other, so it 
doesn't matter which one you use.

However, since the last week this is no longer true, as Patrick Brunschwig 
, an author of Enigmail, making use of a recently 
exploited security flaw in SKS network, which the guide describes, changed the 
default keyserver from the SKS round-robin pool, to a *proprietary centralized 
service* [2], “one of whose initiators” he was, and which does _not_ share the 
base with with SKS: as of now, it provides info for about 5 000 email’s (SKS — 
for about 5 000 000 keys).

Some more details are in the correspondence below.

WDYT?

[1] https://emailselfdefense.fsf.org
[2] https://keys.openpgp.org


--- Begin Message ---
On 10.07.2019 05:55, Dmitry Alexandrov wrote:
> Patrick Brunschwig  wrote:
>> I am happy to announce Enigmail v2.0.12 for Thunderbird 60.*
> 
>> This release sets the default keyserver to keys.openpgp.org in order to 
>> mitigate the SKS Keyserver Network Attack [1]. This change is applied 
>> unconditionally for all installations, except if the default keyserver is 
>> set to an ldap server.
> 
> Given that the issue is now mitigated in GPG, when will reverting this back 
> be scheduled?

I won't revert this change for two reasons:

1. It will take weeks to months until the majority of the Windows and
macOS systems will have updated (which first requires the availability
of new versions of gpg4win, GPGTools, GpgOSX etc).

2. As I already said publicly, the default in Enigmail 2.1 will be
keys.openpgp.org. The change is now just a little earlier than anticipated.

If you want a different default keyserver, you can change that manually
in the Enigmail preferences.

-Patrick



signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Patrick Brunschwig  wrote:
> On 10.07.2019 05:55, Dmitry Alexandrov wrote:
>> Patrick Brunschwig  wrote:
>>> I am happy to announce Enigmail v2.0.12 for Thunderbird 60.*
>> 
>>> This release sets the default keyserver to keys.openpgp.org in order to 
>>> mitigate the SKS Keyserver Network Attack [1]. This change is applied 
>>> unconditionally for all installations, except if the default keyserver is 
>>> set to an ldap server.
>> 
>> Given that the issue is now mitigated in GPG, when will reverting this back 
>> be scheduled?
>
> I won't revert this change for two reasons:
>
> 1. It will take weeks to months until the majority of the Windows and macOS 
> systems will have updated (which first requires the availability of new 
> versions of gpg4win, GPGTools, GpgOSX etc).

Well, that’s exactly the kind of answer I hoped to get: a stub will be reverted 
when such and such updates are published.  But I see now, I was too optimistic. 
 :-\

> 2. As I already said publicly, the default in Enigmail 2.1 will be 
> keys.openpgp.org. The change is now just a little earlier than anticipated.

So, just to clarify, you intentionally replaced the standard distributed 
network with some freshly established private service, where centralized 
control is _not_ a child illness, but a design:

| Several folks offered to help out by "running a Hagrid server instance". We 
very much appreciate the offer, but we will probably never have an "open" 
federation model like SKS, where everyone can run an instance and become part 
of a "pool".
— https://keys.openpgp.org/about/faq

moreover, pushed that change to setups of the most old users, — and found all 
of that absolutely okay?

> If you want a different default keyserver, you can change that manually in 
> the Enigmail preferences.

Please, do not say it like the question is about choosing a default 
colour-scheme or some other trifle!  It’s not a ‘different keyserver’ in a 
sense, that became usual for all those years of SKS (that is, whether it 
pgp.mit.edu, keys.ubuntu.com or even keybase.io).  You have driven the whole 
userbase to a *different network* — a network consisting of a single server.


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
On 10.07.2019 10:43, Dmitry Alexandrov wrote:
> Patrick Brunschwig  wrote:
>> On 10.07.2019 05:55, Dmitry Alexandrov wrote:
>>> Patrick Brunschwig  wrote:
>>>> I am happy to announce Enigm

Why is it ethical not to write a program at all (Was: referencing non-free software)

[Dmitry Alexandrov]

> Also, why it's ethical not to write the program at all (giving users
> _no_ freedom to do anything)

Because proprietor is not ‘giving’ or ‘presenting’ freedoms to users, he is 
*returning* it.

Naturally users do have their essential rights, it’s a copyright law that takes 
them away, establishing a _monopoly_ for the benefit of an author or (which is 
more likely) an author’s employer.  Thus, a free software supporter would argue 
that a moral duty of an ethical proprietor is to deny to accept socially 
harmful privileges and return users their essential rights back.

> but unethical to write it and then not GPL it.

There are many other ethical (that is free) software licences besides GNU GPL.  
Three (or four) of them are other GNU licences, by the way.

___
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss

Re: referencing non-free software

[Dmitry Alexandrov]

> I understand the argument for preventing naive/unsophisticated users
> from getting trapped into proprietary programs without a full
> appreciation of the consequences.  But most Org mode users would not
> be in that category.

Who knows, who knows, time flies faster than one might realize.  I, to be 
honest, was quite surprised to find out that someone wrote nonfree 
Org-compatible program specifically for iOS and for nothing else.

___
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss

Re: referencing non-free software

[Dmitry Alexandrov]

Ilya Shlyakhter wrote:
> All I'm suggesting is that beOrg be mentioned in the same appendix
> as MobileOrg ( https://orgmode.org/manual/MobileOrg.html#MobileOrg),
> along with a note saying "beOrg is currently non-free, we strongly
> recommend that users avoid non-free software, here is a link to the
> FSF pages explaining why".  How could this be reasonably seen by
> users as an "endorsement" of the non-free beOrg, if we explicitly
> say we recommend MobileOrg, and provide the beOrg reference only to
> give users all relevant information?

By the way, as of now this very appendix [0] clearly endorses Dropbox, whose 
website cannot be even be read properly without using nonfree software, what to 
say about being properly used!  And whose installable client is nonfree too, of 
course.

| For a server to host files, consider options like Dropbox.com
| account. On first connection, MobileOrg creates a directory
| MobileOrg/ on Dropbox. Pass its location to Emacs through an init
| file variable as follows:
|
|(setq org-mobile-directory "~/Dropbox/MobileOrg")

The only ‘alternative’ it mentions is ‘to use webdav server’.

[0] 
https://orgmode.org/manual/Setting-up-the-staging-area.html#Setting-up-the-staging-area

___
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss

Re: referencing non-free software

[Dmitry Alexandrov]

>>> It's one thing to promote free software by creating a free program
>>> superior to a non-free one, pointing users to both, explaining the
>>> advantages of the free program (including the freedom part), and
>>> then letting the users decide.  It's quite another thing to simply
>>> hide the non-free program from users. ... Is the assumption here
>>> that users are unable to see their own best interests, even when
>>> presented with all the arguments?  ... If no, why not point users
>>> to both free and non-free alternatives and trust them to decide?
>>
>> ...
>
> My question grows out of the discussion here:
> http://lists.gnu.org/archive/html/emacs-orgmode/2018-01/msg00036.html

Just to be clear, as (I suppose) few of subscribers there are able to judge 
about programs that run on iOS from their own experience.

In this case, the alternative that you found technically superior to another is 
the nonfree one, and you expect that a user would most likely decide to choose 
it rather than free one, when presented with all arguments, am I right?

___
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss

Re: Linux Kernel.org email address

[Dmitry Alexandrov]

Jacinto Moreno  writes:

IANAL, TINLA.

> Hi,Our company has made some small modifications to the Linux Kernel
> and in order to be compliant with GPLv2 I wanted to send an email to
> kernel.org with the patches we
> made.https://www.kernel.org/doc/pending/gplv2-howto.html
> "... send the patch file to the project's developers, either directly
> in email or to the project's development mailing list."

GNU GPLv2 (as well as any other free software licence) has no such a
requirement — to send ‘patches’ (i. e. modifications) upstream or
anywhere else.  You are free to use modified program internally, as well
as you are free to provide the correspondent source code (N. B. not the
‘patches’, but the full source code) to users of your program only.

You might read the article at kernel.org more carefully and find out
that it actually does *not* say that you must to do it, instead it is
written is in such a cunning way that made you believe that this
requirement exists.  However, it also seems to include some minor
statements that are clearly false.  So if you’d like to learn more about
GNU GPLv2, you’d better look through its actual text [0] (unlike many
legal documents, free licences are mostly written in a human language),
and the GNU GPLv2 FAQ [1].

[0] https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
[1] https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.html

On the other hand, it indeed would be generous of you towards free
software to publish your modifications at no fee and send them upstream.

> I was wondering if anybody knows to which e-mail address I need to send the 
> email to?

Linux® developers mailing lists are hosted on http://vger.kernel.org.  You might
find the full list of list at http://vger.kernel.org/vger-lists.html

___
gnu-misc-discuss mailing list
gnu-misc-discuss@gnu.org
https://lists.gnu.org/mailman/listinfo/gnu-misc-discuss